PT-2025-19705 · Mechrevo · Mechrevo Control Console

Ba1_Ma0 · Published 2025-05-05 · Updated 2025-05-10 · CVE-2025-4272

CVSS v2.0

6.0 Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mechrevo Control Console version 1.0.2.70

Description

A critical issue affects an unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation leads to an uncontrolled search path. The attack requires local access and has rather high complexity. Exploitation is known to be difficult.

Recommendations

For Mechrevo Control Console version 1.0.2.70, consider restricting access to the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality related to the GCUService component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
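
One way to check the first recommendation, as an added PowerShell example that is not part of the original advisory or the vendor's tooling: it lists principals other than SYSTEM, Administrators and TrustedInstaller that hold write-type rights on csCAPI.dll or its directory, then shows how the service is configured. The service name GCUService and the trusted-SID list are assumptions.

```powershell
# Added example: list unexpected principals that can write to csCAPI.dll or to
# its directory. Path as given in this advisory; adjust for other installs.
$dll     = 'C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll'
$targets = @((Split-Path -Parent $dll), $dll)

# Assumption: only these well-known SIDs should hold write access here.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that allow adding, replacing or re-permissioning files,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Not found: $path"; continue }
    $acl = Get-Acl -LiteralPath $path
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to the object being checked.
        if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if (([int]$rule.FileSystemRights -band $writeBits) -eq 0) { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path   = $path
            Sid    = $rule.IdentityReference.Value
            Rights = $rule.FileSystemRights
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No unexpected write access found on the paths that exist.' }

# Assumption: the GCUService component is registered as a Windows service of that name.
Get-CimInstance Win32_Service -Filter "Name='GCUService'" |
    Select-Object Name, State, StartMode, StartName, PathName
```

Any row in the findings table is a principal whose write access to the service's library location should be reviewed and, where not required, removed.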

Exploit

Untrusted Search Path

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2025-4272

Affected Products

Mechrevo Control Console